15.4. Configuration Examples
15.4.1. Labeling Gluster Bricks
A Gluster brick is an export directory on a server in the trusted storage pool. In case that the brick is not labeled with the correct SELinux context,
glusterd_brick_t, SELinux denies certain file access operations and generates various AVC messages.
The following procedure shows how to label Gluster bricks with the correct SELinux context. The procedure assumes that you previously created and formatted a logical volume, for example
/dev/rhgs/gluster, to be used as the Gluster brick.
For detailed information about Gluster bricks, see the Red Hat Gluster Storage Volumes chapter in the Administration Guide for Red Hat Gluster Storage.
Procedure 15.1. How to Label a Gluster Brick
- Create a directory to mount the previously formatted logical volume. For example:
~]#
mkdir /mnt/brick1 - Mount the logical volume, in this case
/dev/vg-group/gluster, to the/mnt/brick1/directory created in the previous step.~]#
mount /dev/vg-group/gluster /mnt/brick1/Note that themountcommand mounts devices only temporarily. To mount the device permanently, add an entry similar as the following one to the/etc/fstabfile:/dev/vg-group/gluster /mnt/brick1 xfs rw,inode64,noatime,nouuid 1 2
For more information, see the fstab(5) manual page. - Check the SELinux context of
/mnt/brick1/:~]$
ls -lZd /mnt/brick1/drwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 /mnt/brick1/The directory is labeled with theunlabeled_tSELinux type. - Change the SELinux type of
/mnt/brick1/to theglusterd_brick_tSELinux type:~]#
semanage fcontext -a -t glusterd_brick_t "/mnt/brick1(/.*)?" - Use the
restoreconutility to apply the changes:~]#
restorecon -Rv /mnt/brick1 - Finally, verify that the context has been successfully changed:
~]$
ls -lZd /mnt/brick1drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 /mnt/brick1/
